From sultanov2007 at gmail.com  Wed Nov 14 00:34:49 2012
From: sultanov2007 at gmail.com (alish)
Date: Wed, 14 Nov 2012 11:34:49 +0500
Subject: [Nikto-discuss] Undefined subroutine &main::get_ips
Message-ID: <CANkc-asfo2vtSDaaxCmn8uN81uyU=J_CXwgd=4zJQRa0pBGOQg@mail.gmail.com>

Hi all,
after nikto update i have such error
root at bt:/pentest/web/nikto# ./nikto.pl -C all -h x.x.x.x -useproxy
http://x.x.x.x:3128
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          x.x.x.x
+ Target Hostname:    x.x.x.x
+ Target Port:        80
+ Proxy:              x.x.x.x:3128
+ Start Time:         2012-11-14 11:24:48 (GMT5)
---------------------------------------------------------------------------
+ Server: Apache
+ Retrieved via header: 1.1 proxy:3128 (squid/2.7.STABLE6)
Undefined subroutine &main::get_ips called at
/pentest/web/nikto/plugins/nikto_headers.plugin line 72.

Before update all was fine.
I find this subroutine in files :
root at bt:/pentest/web/nikto/plugins# grep get_ips *
nikto_cookies.plugin:        my @ips = get_ips($c);
nikto_headers.plugin:        foreach my $ip (get_ips($response->{$header}))
{

But i did not  find it's definition in any files
This subroutine appears in Nikto v2.1.5 , you can find it in changelog

2012-09-16 Nikto 2.1.5 release
- Added sub get_ips() to centralize IP extraction from strings

Sorry for bad English :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20121114/143a54a0/attachment.html>

From geoff at galitz.org  Mon Nov 19 11:06:00 2012
From: geoff at galitz.org (Geoff Galitz)
Date: Mon, 19 Nov 2012 09:06:00 -0800
Subject: [Nikto-discuss] db_404_strings processing
Message-ID: <8976dd6205eb1dccc8e7eff42150eb27.squirrel@webmail.sonic.net>



Hi all.

I am getting what seem to be false positives.  I suspect nikto is not
recognizing the custom 404s we send out.  I've added some of the text and
some of the unique code of our 404 to db_404_strings but it does not seem
to help.

I am wondering if I need to do anything special after simply adding some
text to that file?  Currently I have this:  <div id="not-found-content"
style="bottom: 98px;">

Would special punctuation cause a problem?

-G



------------------------------
Geoff Galitz
http://www.galitz.org


From csullo at gmail.com  Mon Nov 19 11:22:17 2012
From: csullo at gmail.com (Sullo)
Date: Mon, 19 Nov 2012 12:22:17 -0500
Subject: [Nikto-discuss] db_404_strings processing
In-Reply-To: <8976dd6205eb1dccc8e7eff42150eb27.squirrel@webmail.sonic.net>
References: <8976dd6205eb1dccc8e7eff42150eb27.squirrel@webmail.sonic.net>
Message-ID: <CA+KRv63mVLJtJH-jMNLCEPnojXa=03Ke+pitfKWrM5WZNL8mVA@mail.gmail.com>

That should work. what is the response code you're sending for 404s, is it
200 or something else?

Also, you can put them in udb_404_strings so an update won't step on your
own changes.

-Sullo

On Mon, Nov 19, 2012 at 12:06 PM, Geoff Galitz <geoff at galitz.org> wrote:

>
>
> Hi all.
>
> I am getting what seem to be false positives.  I suspect nikto is not
> recognizing the custom 404s we send out.  I've added some of the text and
> some of the unique code of our 404 to db_404_strings but it does not seem
> to help.
>
> I am wondering if I need to do anything special after simply adding some
> text to that file?  Currently I have this:  <div id="not-found-content"
> style="bottom: 98px;">
>
> Would special punctuation cause a problem?
>
> -G
>
>
>
> ------------------------------
> Geoff Galitz
> http://www.galitz.org
>
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>



-- 

http://www.cirt.net     |      http://richsec.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20121119/d47ab47e/attachment.html>

From geoff at galitz.org  Mon Nov 19 11:51:44 2012
From: geoff at galitz.org (Geoff Galitz)
Date: Mon, 19 Nov 2012 09:51:44 -0800
Subject: [Nikto-discuss] db_404_strings processing
In-Reply-To: <CA+KRv63mVLJtJH-jMNLCEPnojXa=03Ke+pitfKWrM5WZNL8mVA@mail.gmail.com>
References: <8976dd6205eb1dccc8e7eff42150eb27.squirrel@webmail.sonic.net>
	<CA+KRv63mVLJtJH-jMNLCEPnojXa=03Ke+pitfKWrM5WZNL8mVA@mail.gmail.com>
Message-ID: <dd2dd071ce8910a28fc1a43c8da06c61.squirrel@webmail.sonic.net>


If I use curl -v to inspect it, it shows as a 404, though we return a
pretty big page with that.

It seems like all of these false positives are XSS related.  When I issue
that URL manually (in a web browser or via curl) I get the expected custom
404 page.

Among the vast volume of output from nikto are lines like this:

+ OSVDB-651:
/cgi-local/cgiemail-1.6/cgicso?query=<script>alert('Vulnerable')</script>:
This CGI is vulnerable to Cross Site Scripting (XSS).
http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-651:
/cgi-local/cgiemail-1.4/cgicso?query=<script>alert('Vulnerable')</script>:
This CGI is vulnerable to Cross Site Scripting (XSS).
http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-7022:
/calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05:
DCP-Portal v5.3.1 is vulnerable to  Cross Site Scripting (XSS).
http://www.cert.org/advisories/CA-2000-02.html.

It could be that my theory on why this is happening is just plain wrong.

-G


> That should work. what is the response code you're sending for 404s, is it
> 200 or something else?
>
> Also, you can put them in udb_404_strings so an update won't step on your
> own changes.
>
> -Sullo
>
> On Mon, Nov 19, 2012 at 12:06 PM, Geoff Galitz <geoff at galitz.org> wrote:
>
>>
>>
>> Hi all.
>>
>> I am getting what seem to be false positives.  I suspect nikto is not
>> recognizing the custom 404s we send out.  I've added some of the text
>> and
>> some of the unique code of our 404 to db_404_strings but it does not
>> seem
>> to help.
>>
>> I am wondering if I need to do anything special after simply adding some
>> text to that file?  Currently I have this:  <div id="not-found-content"
>> style="bottom: 98px;">
>>
>> Would special punctuation cause a problem?
>>
>> -G
>>
>>
>>
>> ------------------------------
>> Geoff Galitz
>> http://www.galitz.org
>>
>> _______________________________________________
>> Nikto-discuss mailing list
>> Nikto-discuss at attrition.org
>> https://attrition.org/mailman/listinfo/nikto-discuss
>>
>
>
>
> --
>
> http://www.cirt.net     |      http://richsec.com/
>


------------------------------
Geoff Galitz
http://www.galitz.org


From csullo at gmail.com  Mon Nov 19 11:54:49 2012
From: csullo at gmail.com (Sullo)
Date: Mon, 19 Nov 2012 12:54:49 -0500
Subject: [Nikto-discuss] db_404_strings processing
In-Reply-To: <dd2dd071ce8910a28fc1a43c8da06c61.squirrel@webmail.sonic.net>
References: <8976dd6205eb1dccc8e7eff42150eb27.squirrel@webmail.sonic.net>
	<CA+KRv63mVLJtJH-jMNLCEPnojXa=03Ke+pitfKWrM5WZNL8mVA@mail.gmail.com>
	<dd2dd071ce8910a28fc1a43c8da06c61.squirrel@webmail.sonic.net>
Message-ID: <CA+KRv61PZLke2fSKkKxD-Hwuw7d7c7M3MKbkpBOmjdb5fk-LeA@mail.gmail.com>

is the attack string echoed in the 404 page anywhere? those should match on
the content with a regex, and only trigger if that raw string is found.

On Mon, Nov 19, 2012 at 12:51 PM, Geoff Galitz <geoff at galitz.org> wrote:

>
> If I use curl -v to inspect it, it shows as a 404, though we return a
> pretty big page with that.
>
> It seems like all of these false positives are XSS related.  When I issue
> that URL manually (in a web browser or via curl) I get the expected custom
> 404 page.
>
> Among the vast volume of output from nikto are lines like this:
>
> + OSVDB-651:
> /cgi-local/cgiemail-1.6/cgicso?query=<script>alert('Vulnerable')</script>:
> This CGI is vulnerable to Cross Site Scripting (XSS).
> http://www.cert.org/advisories/CA-2000-02.html.
> + OSVDB-651:
> /cgi-local/cgiemail-1.4/cgicso?query=<script>alert('Vulnerable')</script>:
> This CGI is vulnerable to Cross Site Scripting (XSS).
> http://www.cert.org/advisories/CA-2000-02.html.
> + OSVDB-7022:
>
> /calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05:
> DCP-Portal v5.3.1 is vulnerable to  Cross Site Scripting (XSS).
> http://www.cert.org/advisories/CA-2000-02.html.
>
> It could be that my theory on why this is happening is just plain wrong.
>
> -G
>
>
> > That should work. what is the response code you're sending for 404s, is
> it
> > 200 or something else?
> >
> > Also, you can put them in udb_404_strings so an update won't step on your
> > own changes.
> >
> > -Sullo
> >
> > On Mon, Nov 19, 2012 at 12:06 PM, Geoff Galitz <geoff at galitz.org> wrote:
> >
> >>
> >>
> >> Hi all.
> >>
> >> I am getting what seem to be false positives.  I suspect nikto is not
> >> recognizing the custom 404s we send out.  I've added some of the text
> >> and
> >> some of the unique code of our 404 to db_404_strings but it does not
> >> seem
> >> to help.
> >>
> >> I am wondering if I need to do anything special after simply adding some
> >> text to that file?  Currently I have this:  <div id="not-found-content"
> >> style="bottom: 98px;">
> >>
> >> Would special punctuation cause a problem?
> >>
> >> -G
> >>
> >>
> >>
> >> ------------------------------
> >> Geoff Galitz
> >> http://www.galitz.org
> >>
> >> _______________________________________________
> >> Nikto-discuss mailing list
> >> Nikto-discuss at attrition.org
> >> https://attrition.org/mailman/listinfo/nikto-discuss
> >>
> >
> >
> >
> > --
> >
> > http://www.cirt.net     |      http://richsec.com/
> >
>
>
> ------------------------------
> Geoff Galitz
> http://www.galitz.org
>
>


-- 

http://www.cirt.net     |      http://richsec.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20121119/b8c2c4ce/attachment-0001.html>

From geoff at galitz.org  Mon Nov 19 12:05:32 2012
From: geoff at galitz.org (Geoff Galitz)
Date: Mon, 19 Nov 2012 10:05:32 -0800
Subject: [Nikto-discuss] db_404_strings processing
In-Reply-To: <CA+KRv61PZLke2fSKkKxD-Hwuw7d7c7M3MKbkpBOmjdb5fk-LeA@mail.gmail.com>
References: <8976dd6205eb1dccc8e7eff42150eb27.squirrel@webmail.sonic.net>
	<CA+KRv63mVLJtJH-jMNLCEPnojXa=03Ke+pitfKWrM5WZNL8mVA@mail.gmail.com>
	<dd2dd071ce8910a28fc1a43c8da06c61.squirrel@webmail.sonic.net>
	<CA+KRv61PZLke2fSKkKxD-Hwuw7d7c7M3MKbkpBOmjdb5fk-LeA@mail.gmail.com>
Message-ID: <5676d30a9b4f98e5b7623cb25364a104.squirrel@webmail.sonic.net>



Ah ha...  indeed the string is being echoed in the 404 doc.  What's the
best way to deal with that?

-G



> is the attack string echoed in the 404 page anywhere? those should match
> on
> the content with a regex, and only trigger if that raw string is found.
>
> On Mon, Nov 19, 2012 at 12:51 PM, Geoff Galitz <geoff at galitz.org> wrote:
>
>>
>> If I use curl -v to inspect it, it shows as a 404, though we return a
>> pretty big page with that.
>>
>> It seems like all of these false positives are XSS related.  When I
>> issue
>> that URL manually (in a web browser or via curl) I get the expected
>> custom
>> 404 page.
>>
>> Among the vast volume of output from nikto are lines like this:
>>
>> + OSVDB-651:
>> /cgi-local/cgiemail-1.6/cgicso?query=<script>alert('Vulnerable')</script>:
>> This CGI is vulnerable to Cross Site Scripting (XSS).
>> http://www.cert.org/advisories/CA-2000-02.html.
>> + OSVDB-651:
>> /cgi-local/cgiemail-1.4/cgicso?query=<script>alert('Vulnerable')</script>:
>> This CGI is vulnerable to Cross Site Scripting (XSS).
>> http://www.cert.org/advisories/CA-2000-02.html.
>> + OSVDB-7022:
>>
>> /calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05:
>> DCP-Portal v5.3.1 is vulnerable to  Cross Site Scripting (XSS).
>> http://www.cert.org/advisories/CA-2000-02.html.
>>
>> It could be that my theory on why this is happening is just plain wrong.
>>
>> -G
>>
>>
>> > That should work. what is the response code you're sending for 404s,
>> is
>> it
>> > 200 or something else?
>> >
>> > Also, you can put them in udb_404_strings so an update won't step on
>> your
>> > own changes.
>> >
>> > -Sullo
>> >
>> > On Mon, Nov 19, 2012 at 12:06 PM, Geoff Galitz <geoff at galitz.org>
>> wrote:
>> >
>> >>
>> >>
>> >> Hi all.
>> >>
>> >> I am getting what seem to be false positives.  I suspect nikto is not
>> >> recognizing the custom 404s we send out.  I've added some of the text
>> >> and
>> >> some of the unique code of our 404 to db_404_strings but it does not
>> >> seem
>> >> to help.
>> >>
>> >> I am wondering if I need to do anything special after simply adding
>> some
>> >> text to that file?  Currently I have this:  <div
>> id="not-found-content"
>> >> style="bottom: 98px;">
>> >>
>> >> Would special punctuation cause a problem?
>> >>
>> >> -G
>> >>
>> >>
>> >>
>> >> ------------------------------
>> >> Geoff Galitz
>> >> http://www.galitz.org
>> >>
>> >> _______________________________________________
>> >> Nikto-discuss mailing list
>> >> Nikto-discuss at attrition.org
>> >> https://attrition.org/mailman/listinfo/nikto-discuss
>> >>
>> >
>> >
>> >
>> > --
>> >
>> > http://www.cirt.net     |      http://richsec.com/
>> >
>>
>>
>> ------------------------------
>> Geoff Galitz
>> http://www.galitz.org
>>
>>
>
>
> --
>
> http://www.cirt.net     |      http://richsec.com/
>


------------------------------
Geoff Galitz
http://www.galitz.org


From csullo at gmail.com  Mon Nov 19 12:06:54 2012
From: csullo at gmail.com (Sullo)
Date: Mon, 19 Nov 2012 13:06:54 -0500
Subject: [Nikto-discuss] db_404_strings processing
In-Reply-To: <5676d30a9b4f98e5b7623cb25364a104.squirrel@webmail.sonic.net>
References: <8976dd6205eb1dccc8e7eff42150eb27.squirrel@webmail.sonic.net>
	<CA+KRv63mVLJtJH-jMNLCEPnojXa=03Ke+pitfKWrM5WZNL8mVA@mail.gmail.com>
	<dd2dd071ce8910a28fc1a43c8da06c61.squirrel@webmail.sonic.net>
	<CA+KRv61PZLke2fSKkKxD-Hwuw7d7c7M3MKbkpBOmjdb5fk-LeA@mail.gmail.com>
	<5676d30a9b4f98e5b7623cb25364a104.squirrel@webmail.sonic.net>
Message-ID: <CA+KRv600JeFPUQBeWR05-7K0Q-6cW69cNyj3KKe0uh3mafeLow@mail.gmail.com>

Is it actually vulnerable or escaped or ... ? The solution depends on the
actual way this is done, safely or not!

On Mon, Nov 19, 2012 at 1:05 PM, Geoff Galitz <geoff at galitz.org> wrote:

>
>
> Ah ha...  indeed the string is being echoed in the 404 doc.  What's the
> best way to deal with that?
>
> -G
>
>
>
> > is the attack string echoed in the 404 page anywhere? those should match
> > on
> > the content with a regex, and only trigger if that raw string is found.
> >
> > On Mon, Nov 19, 2012 at 12:51 PM, Geoff Galitz <geoff at galitz.org> wrote:
> >
> >>
> >> If I use curl -v to inspect it, it shows as a 404, though we return a
> >> pretty big page with that.
> >>
> >> It seems like all of these false positives are XSS related.  When I
> >> issue
> >> that URL manually (in a web browser or via curl) I get the expected
> >> custom
> >> 404 page.
> >>
> >> Among the vast volume of output from nikto are lines like this:
> >>
> >> + OSVDB-651:
> >>
> /cgi-local/cgiemail-1.6/cgicso?query=<script>alert('Vulnerable')</script>:
> >> This CGI is vulnerable to Cross Site Scripting (XSS).
> >> http://www.cert.org/advisories/CA-2000-02.html.
> >> + OSVDB-651:
> >>
> /cgi-local/cgiemail-1.4/cgicso?query=<script>alert('Vulnerable')</script>:
> >> This CGI is vulnerable to Cross Site Scripting (XSS).
> >> http://www.cert.org/advisories/CA-2000-02.html.
> >> + OSVDB-7022:
> >>
> >>
> /calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05:
> >> DCP-Portal v5.3.1 is vulnerable to  Cross Site Scripting (XSS).
> >> http://www.cert.org/advisories/CA-2000-02.html.
> >>
> >> It could be that my theory on why this is happening is just plain wrong.
> >>
> >> -G
> >>
> >>
> >> > That should work. what is the response code you're sending for 404s,
> >> is
> >> it
> >> > 200 or something else?
> >> >
> >> > Also, you can put them in udb_404_strings so an update won't step on
> >> your
> >> > own changes.
> >> >
> >> > -Sullo
> >> >
> >> > On Mon, Nov 19, 2012 at 12:06 PM, Geoff Galitz <geoff at galitz.org>
> >> wrote:
> >> >
> >> >>
> >> >>
> >> >> Hi all.
> >> >>
> >> >> I am getting what seem to be false positives.  I suspect nikto is not
> >> >> recognizing the custom 404s we send out.  I've added some of the text
> >> >> and
> >> >> some of the unique code of our 404 to db_404_strings but it does not
> >> >> seem
> >> >> to help.
> >> >>
> >> >> I am wondering if I need to do anything special after simply adding
> >> some
> >> >> text to that file?  Currently I have this:  <div
> >> id="not-found-content"
> >> >> style="bottom: 98px;">
> >> >>
> >> >> Would special punctuation cause a problem?
> >> >>
> >> >> -G
> >> >>
> >> >>
> >> >>
> >> >> ------------------------------
> >> >> Geoff Galitz
> >> >> http://www.galitz.org
> >> >>
> >> >> _______________________________________________
> >> >> Nikto-discuss mailing list
> >> >> Nikto-discuss at attrition.org
> >> >> https://attrition.org/mailman/listinfo/nikto-discuss
> >> >>
> >> >
> >> >
> >> >
> >> > --
> >> >
> >> > http://www.cirt.net     |      http://richsec.com/
> >> >
> >>
> >>
> >> ------------------------------
> >> Geoff Galitz
> >> http://www.galitz.org
> >>
> >>
> >
> >
> > --
> >
> > http://www.cirt.net     |      http://richsec.com/
> >
>
>
> ------------------------------
> Geoff Galitz
> http://www.galitz.org
>
>


-- 

http://www.cirt.net     |      http://richsec.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20121119/991752a8/attachment.html>

From geoff at galitz.org  Mon Nov 19 12:33:37 2012
From: geoff at galitz.org (Geoff Galitz)
Date: Mon, 19 Nov 2012 10:33:37 -0800
Subject: [Nikto-discuss] db_404_strings processing
In-Reply-To: <CA+KRv600JeFPUQBeWR05-7K0Q-6cW69cNyj3KKe0uh3mafeLow@mail.gmail.com>
References: <8976dd6205eb1dccc8e7eff42150eb27.squirrel@webmail.sonic.net>
	<CA+KRv63mVLJtJH-jMNLCEPnojXa=03Ke+pitfKWrM5WZNL8mVA@mail.gmail.com>
	<dd2dd071ce8910a28fc1a43c8da06c61.squirrel@webmail.sonic.net>
	<CA+KRv61PZLke2fSKkKxD-Hwuw7d7c7M3MKbkpBOmjdb5fk-LeA@mail.gmail.com>
	<5676d30a9b4f98e5b7623cb25364a104.squirrel@webmail.sonic.net>
	<CA+KRv600JeFPUQBeWR05-7K0Q-6cW69cNyj3KKe0uh3mafeLow@mail.gmail.com>
Message-ID: <2a9790b0f80793fe57575e0a03fcfebf.squirrel@webmail.sonic.net>


It does not appear vulnerable.  The string is being echoed it seems for
translation.  For example this is the string that matches:

			<a onClick="location='/language.de/sysuser/docmgr/blah'
                        <a
onClick="location='/language.fr/sysuser/docmgr/blah'

after I do this:

curl -v http://www.XXXXX.com/sysuser/docmgr/blah

And that is an invalid URL which gives the 404 page.

I am a bit n00bish at this though.. as you have probably guessed by now.

-G


> Is it actually vulnerable or escaped or ... ? The solution depends on the
> actual way this is done, safely or not!
>
> On Mon, Nov 19, 2012 at 1:05 PM, Geoff Galitz <geoff at galitz.org> wrote:
>
>>
>>
>> Ah ha...  indeed the string is being echoed in the 404 doc.  What's the
>> best way to deal with that?
>>
>> -G
>>
>>
>>
>> > is the attack string echoed in the 404 page anywhere? those should
>> match
>> > on
>> > the content with a regex, and only trigger if that raw string is
>> found.
>> >
>> > On Mon, Nov 19, 2012 at 12:51 PM, Geoff Galitz <geoff at galitz.org>
>> wrote:
>> >
>> >>
>> >> If I use curl -v to inspect it, it shows as a 404, though we return a
>> >> pretty big page with that.
>> >>
>> >> It seems like all of these false positives are XSS related.  When I
>> >> issue
>> >> that URL manually (in a web browser or via curl) I get the expected
>> >> custom
>> >> 404 page.
>> >>
>> >> Among the vast volume of output from nikto are lines like this:
>> >>
>> >> + OSVDB-651:
>> >>
>> /cgi-local/cgiemail-1.6/cgicso?query=<script>alert('Vulnerable')</script>:
>> >> This CGI is vulnerable to Cross Site Scripting (XSS).
>> >> http://www.cert.org/advisories/CA-2000-02.html.
>> >> + OSVDB-651:
>> >>
>> /cgi-local/cgiemail-1.4/cgicso?query=<script>alert('Vulnerable')</script>:
>> >> This CGI is vulnerable to Cross Site Scripting (XSS).
>> >> http://www.cert.org/advisories/CA-2000-02.html.
>> >> + OSVDB-7022:
>> >>
>> >>
>> /calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05:
>> >> DCP-Portal v5.3.1 is vulnerable to  Cross Site Scripting (XSS).
>> >> http://www.cert.org/advisories/CA-2000-02.html.
>> >>
>> >> It could be that my theory on why this is happening is just plain
>> wrong.
>> >>
>> >> -G
>> >>
>> >>
>> >> > That should work. what is the response code you're sending for
>> 404s,
>> >> is
>> >> it
>> >> > 200 or something else?
>> >> >
>> >> > Also, you can put them in udb_404_strings so an update won't step
>> on
>> >> your
>> >> > own changes.
>> >> >
>> >> > -Sullo
>> >> >
>> >> > On Mon, Nov 19, 2012 at 12:06 PM, Geoff Galitz <geoff at galitz.org>
>> >> wrote:
>> >> >
>> >> >>
>> >> >>
>> >> >> Hi all.
>> >> >>
>> >> >> I am getting what seem to be false positives.  I suspect nikto is
>> not
>> >> >> recognizing the custom 404s we send out.  I've added some of the
>> text
>> >> >> and
>> >> >> some of the unique code of our 404 to db_404_strings but it does
>> not
>> >> >> seem
>> >> >> to help.
>> >> >>
>> >> >> I am wondering if I need to do anything special after simply
>> adding
>> >> some
>> >> >> text to that file?  Currently I have this:  <div
>> >> id="not-found-content"
>> >> >> style="bottom: 98px;">
>> >> >>
>> >> >> Would special punctuation cause a problem?
>> >> >>
>> >> >> -G
>> >> >>
>> >> >>
>> >> >>
>> >> >> ------------------------------
>> >> >> Geoff Galitz
>> >> >> http://www.galitz.org
>> >> >>
>> >> >> _______________________________________________
>> >> >> Nikto-discuss mailing list
>> >> >> Nikto-discuss at attrition.org
>> >> >> https://attrition.org/mailman/listinfo/nikto-discuss
>> >> >>
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> >
>> >> > http://www.cirt.net     |      http://richsec.com/
>> >> >
>> >>
>> >>
>> >> ------------------------------
>> >> Geoff Galitz
>> >> http://www.galitz.org
>> >>
>> >>
>> >
>> >
>> > --
>> >
>> > http://www.cirt.net     |      http://richsec.com/
>> >
>>
>>
>> ------------------------------
>> Geoff Galitz
>> http://www.galitz.org
>>
>>
>
>
> --
>
> http://www.cirt.net     |      http://richsec.com/
>


------------------------------
Geoff Galitz
http://www.galitz.org


From csullo at gmail.com  Wed Nov 21 23:39:20 2012
From: csullo at gmail.com (Sullo)
Date: Thu, 22 Nov 2012 00:39:20 -0500
Subject: [Nikto-discuss] Undefined subroutine &main::get_ips
In-Reply-To: <CANkc-asfo2vtSDaaxCmn8uN81uyU=J_CXwgd=4zJQRa0pBGOQg@mail.gmail.com>
References: <CANkc-asfo2vtSDaaxCmn8uN81uyU=J_CXwgd=4zJQRa0pBGOQg@mail.gmail.com>
Message-ID: <CA+KRv60pHgFMcPgzTjavMhgPFe-wGiGw8nHe8+HPu8VQaZG=+g@mail.gmail.com>

Sorry for the delay. You want to do an 'svn up' on backtrack, which will
catch you up to the latest and greatest. Because of the major release,
you're missing some updates to certain files that aren't updated via
-update.

-Sullo

On Wed, Nov 14, 2012 at 1:34 AM, alish <sultanov2007 at gmail.com> wrote:

> Hi all,
> after nikto update i have such error
> root at bt:/pentest/web/nikto# ./nikto.pl -C all -h x.x.x.x -useproxy
> http://x.x.x.x:3128
> - Nikto v2.1.5
> ---------------------------------------------------------------------------
> + Target IP:          x.x.x.x
> + Target Hostname:    x.x.x.x
> + Target Port:        80
> + Proxy:              x.x.x.x:3128
> + Start Time:         2012-11-14 11:24:48 (GMT5)
> ---------------------------------------------------------------------------
> + Server: Apache
> + Retrieved via header: 1.1 proxy:3128 (squid/2.7.STABLE6)
> Undefined subroutine &main::get_ips called at
> /pentest/web/nikto/plugins/nikto_headers.plugin line 72.
>
> Before update all was fine.
> I find this subroutine in files :
> root at bt:/pentest/web/nikto/plugins# grep get_ips *
> nikto_cookies.plugin:        my @ips = get_ips($c);
> nikto_headers.plugin:        foreach my $ip
> (get_ips($response->{$header})) {
>
> But i did not  find it's definition in any files
> This subroutine appears in Nikto v2.1.5 , you can find it in changelog
>
> 2012-09-16 Nikto 2.1.5 release
> - Added sub get_ips() to centralize IP extraction from strings
>
>
> Sorry for bad English :)
>
>
>
>
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>
>


-- 

http://www.cirt.net     |      http://richsec.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20121122/95f994c5/attachment-0001.html>